Category Archives: XHTML

RSS: What it is, and how to use it

Posted by on May 23, 2007

RSS (Really Simple Syndication) is a system of sending and receiving updates and other information from a central source to many users.

Very often, computer users find themselves regularly visiting the same sites. These might be news sites, blogs, forums, web mail, or something else. Usually, this requires pointing a browser at each site, then browsing the contents of that site.

The fundamental idea of RSS is to simplify this process by making the user’s computer collect all the updates from the user’s favourite sites in one place. That ‘place’ is a program on the user’s computer, called an RSS feed aggregator or feed reader.

Confusion about rel=”nofollow” links, robots.txt files, and robots meta tags

Posted by on April 19, 2007

It seems that some people are getting mixed signals about the difference between the rel="nofollow" attribute/value pair on anchor links, Disallow rules in robots.txt files, and robots meta tags.

I’ll try to give an explanation with some examples to help clear the difference up.

Meta Tags

Those webmasters who have been using a robots meta tag know that if you tell a compliant (considerate?) spider or robot to ‘nofollow’ it means they should not follow any links that you have on your page. The meta tag goes in the head of your web page and might look something like this:

<meta name="robots" content="nofollow" />

You can take it a step further and ask the spider to not even index your page at all:

<meta name="robots" content="noindex, nofollow" />

You can indicate that you would like to be indexed or have your links followed, or not, or any combination. For example, these are all valid:

<meta name="robots" content="index, follow" />

<meta name="robots" content="noindex, follow" />

<meta name="robots" content="index, nofollow" />

<meta name="robots" content="noindex, nofollow" />

This is done on a page-by-page basis. In other words, each Web page would have a meta tag in the head of the document that might look something like this:

<head>
	<title>Some page on the Web</title>
	<meta name="robots" content="noindex, nofollow" />
</head>

Note that you are indicating your wishes here, and that robot spiders may or may not listen to your request.

There are other attribute values you can use. See the links for more reading.

Robots.txt

You can control how search spiders and robots index your site (or parts of it) by using an ASCII-encoded text (not HTML) file called robots.txt (case sensitive) in the root directory of your Web server.

This plain text file can define some simple guidelines for robots to use. For example, if you ask all robots (identified by a wildcard character of *) to not index your site at all (everything from the root of your server: /), your text file would look like this:

User-agent: *
Disallow: /

If you wanted all robots to index everything, you might try this:

User-agent: *
Allow: /

You could single out one robot and ask it to do something like this:

User-agent: Googlebot
Disallow: /admin/

You can have several different rules for different robots. Again, not all robots will follow your requests.

Rel=”nofollow”

Here is where some of the confusion starts. Some people think that when you have a link on a page to another page, and you use the rel="nofollow" attribute/value pair, that search engine spiders will not follow this link.

Considering the name of the value (nofollow), plus the behaviour of the robots meta tag with nofollow, this seems like a logical assumption. However, it is false. Here’s why…

Back in 2005, several large search engines agreed that comment spam (comments in blogs, forums, etc. with links to Web sites that existed only to drive traffic and were not really there as legitimate comments or links) was a serious problem. They came up with a plan to add an attribute to the (X)HTML anchor tag to help describe links that the site owner could not verify as being approved.

So, a normal link might look like this:

<a href="http://www.lanoie.com/index.html">Lanoie.com</a>

but if it was put there by a user in a comment block, the software could alter it to look like this:

<a href="http://www.lanoie.com/index.html" rel="nofollow">Lanoie.com</a>

As links are often counted as part of the ranking of Web sites by search engines, the more links that link spammers can have their scripts automatically put in comment blocks, the more popular their sites would become in the search engine result pages (SERPs). The idea is that if a search engine spider sees a nofollow link, it will not use it for ranking algorithms. This does not mean that the spider will not follow the link and index the destination page, it just means that it won’t help with that page’s rank.

So that’s the theory. What happens in real life? That depends on the players in the game.

Yahoo, Microsoft, and Google all initially agreed in 2005 to respect this attribute with their spiders. Ask and several other search sites seem to be aware of it, too. The trick is that they are not all doing the same thing with it.

Some sites do not follow the link or index the destination page at all. Other spiders seem to follow the link and index the page, but not count it towards the rankings, while others seem blissfully unaware that it even exists and ignore the attribute entirely.

The end result is that, with all three of these tools, you are only giving your wishes and you have no guarantee that they will be followed.

Personally, the comment spam was so bad on this blog that I had to disable comments entirely.
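How the three mechanisms differ from the point of view of a compliant robot, as an added example that is not part of the original post: robots.txt decides whether a page is fetched at all, the meta tag governs indexing and link-following for the whole page, and rel="nofollow" only marks individual links. The robots.txt and page below are constructed from the snippets in this post; PageDirectives and crawl_decision are illustrative names, and the rel handling models the 2005 intent described above, not any particular search engine.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed sample input built from the rules and tags shown in the post.
ROBOTS_TXT = """\
User-agent: Googlebot
Disallow: /admin/

User-agent: *
Disallow: /
"""
PAGE = """\
<head><meta name="robots" content="noindex, follow" /></head>
<a href="/about.html">About</a>
<a href="http://www.lanoie.com/index.html" rel="nofollow">Lanoie.com</a>
"""


class PageDirectives(HTMLParser):
    """Collect the page-level meta directives and the per-link rel values."""

    def __init__(self):
        super().__init__()
        self.index = self.follow = True  # defaults when no robots meta tag exists
        self.links = []                  # (href, counts_towards_ranking)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "robots":
            tokens = {t.strip().lower() for t in (a.get("content") or "").split(",")}
            self.index = "noindex" not in tokens
            self.follow = "nofollow" not in tokens
        elif tag == "a" and a.get("href"):
            rel = (a.get("rel") or "").lower().split()
            self.links.append((a["href"], "nofollow" not in rel))


def crawl_decision(agent, path, robots_txt=ROBOTS_TXT, html=PAGE):
    """Return what a robot that honours all three requests would do with a page."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    if not rules.can_fetch(agent, path):
        # Never fetched, so the meta tag and link attributes are never even seen.
        return {"fetch": False}
    page = PageDirectives()
    page.feed(html)
    return {"fetch": True, "index": page.index, "follow": page.follow,
            "links": page.links if page.follow else []}
```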

How to make a good password

Posted by on February 3, 2006

Effective account protection is a two-party effort. The user needs to be educated on good and bad password techniques, and the system administrator has to allow for human nature while still securing their system.

In this post, we will discuss a few ways to get users to create reasonable passwords.

Better passwords are random passwords

One method to make decent passwords is to use very random characters. That’s tougher than you might think. If software can create it, then software can guess it. Some people might want to use electrical noise or atomic decay as a password salt, but now we are getting really geeky.

Initial character passwords

The average user can get away with something much easier. Just come up with a phrase that is at least 8 or 10 words long and start having some fun with it. When January 2000 rolled around, my monthly password (my account was changed every 23 to 32 days) was based on a phrase like this:


The year 2000 bug has gone away… see ya!

Which would be shortened to:


tY2kbHGa–>CYA!

Since this is now publicly exposed, it should never be used by anyone again. If you have ever seen an example of a good password, then it’s not good anymore.

Passwords based on lyrics or sayings

Some people base a password on a song’s lyrics or some phrase. Let’s see what we can come up with after a few minutes of playing around.

Hey Jude, don’t make it bad. Take a sad song and make it better
This is a very popular Beatles song from 1968. It is longer than 10 words and it is easy to remember if you know the song, so it could work as a start of a basic password.

HJdmibTasSamib
We take the first character of each word and mix the case up. That looks like a decent password, except that millions of people know that song, and might try the same combination. It’s a good first step, but needs a little more tweaking.

HJ ,dm1b. T@sS&mIb!
Basic character substitution, like changing the letter ‘a’ to ‘@’ looks good to most users, but as we mentioned in other posts, it’s so common that it is easily cracked. However, the addition of some basic punctuation and spaces can help.

HJ ,dm1b. T@sS&mIb!1968
The addition of numbers makes it even more unique. Some might argue that using the date of the song is still rather weak, but in reality, this is a pretty decent password.

It is true that putting extra information at the beginning or the end of common passwords is a proven pattern, but that’s more for passwords like 1969FordMustange (more common than you think) or Sandra1972 (even worse, as it is only a single word and date).


HJ ,dm1b. 1968 cha-cha-cha T@sS&mIb!
Ok, now we moved the date inside the password, and added some stuff that has nothing to do with the song. While this isn’t a random password, it is certainly unique enough to be reasonable. If you make something up like this yourself, and you remember the pattern or logic in how you made it, then you can come up with a combination that is easy for you to remember but hard for others to guess.

Passphrases

Some people will simply make a short sentence their password. If you have a password of several words, complete with punctuation and spaces, you have an easy to remember password that is longer than 8 characters, contains no personal information, and is not in a dictionary. Add some funky spelling and other characters and numbers, and you should be fine.

  • i-H8TEmodays, don’t u?
  • WhydoIHave2000passWorz?!?
  • MyBossIsGreat;i’m*self*employed!

Of course, since no one should ever know your password, you can type things about your boss that you would never actually say ;) Be careful, sometimes these passwords do get out.

Phonetic Passwords

You can make up your own nonsense word that means nothing but is speakable and easy to remember. Phonetically, these can be spoken (in your head) when you are learning them:

  • yo-mah, suTEEy8t
  • dach,Tez.CHi’set
  • pL8t.=,Sk8t

Use multiple passwords for multiple accounts

Remember to use different passwords for all of your accounts. This is a pain, but a necessary evil. If someone cracks one of your passwords, they cannot get into everything you have.

For example, imagine that someone uses their parent’s phone number for all of their banking PINs, online bill payments, work and personal email passwords, and so on. Once someone finds out that password, they are going to try it everywhere.

Don’t make it any easier for the bad guys.

In theory, every password you have should be totally random and unrelated to anything. (Good luck with that, human nature goes against it.) If you are given 12 passwords for 12 different systems that are totally random, chances are you are going to record them or forget them (or both). The average person will not memorize a dozen passwords, especially if they are not all used daily or if they change too often.

Different people handle this problem in different ways.

Some might use a passbook or a keychain system, where all their passwords are encrypted in a single, reasonably secure way. They would have one ‘master password’ to open the keychain and access whatever other password they need to use. This is popular, as the user only needs to really remember 1 strong password (it had better be strong!) and it allows them to have many passwords for many systems.

It does, however, have some drawbacks. First, if the master password is lost or forgotten, then all their passwords are lost or forgotten. Second, if the master password gets cracked, then all of their passwords are exposed.

Another thing that some people try to do is have a common base password that they build other passwords on. For example, let’s assume that a person has to use several systems, and that they want a unique password for each.

  • Work email
  • Personal email
  • Work computer 1 (local Windows workstation)
  • Work computer 2 (Unix server)
  • Personal computer (Macintosh)

Maybe they come up with a password root based on some of the examples earlier like G^3d’a-,fc. They might then use that as a basis for their different passwords:

  • Work email: G^3d’a-,fc-WorkEmail
  • Personal email: G^3d’a-,fc-HomeEmail
  • Work computer 1 (local Windows workstation): G^3d’a-,fc-WorkWin2k
  • Work computer 2 (Unix server): G^3d’a-,fc-WorkUnix
  • Personal computer (Macintosh): G^3d’a-,fc-HomeMacOSX

The base of the password is reasonable, and the extension isn’t always the same pattern, so if one password is exposed, the others still have a chance of being secure until they can all be changed to something new. If a password does get exposed, change them all (you should be changing passwords every now and then anyway).

Technically, if you are going to use this method, you might reverse the order and have the unique part of the password first, and the common parts near the end. This way, if someone is casually watching you type, it looks like a completely different password, and so it’s harder to find a pattern.

In other words, using the above example, you might use this:

  • Work email: WorkEmail-G^3d’a-,fc
  • Personal email: HomeEmail-G^3d’a-,fc
  • Work computer 1 (local Windows workstation): WorkWin2k-G^3d’a-,fc
  • Work computer 2 (Unix server): WorkUnix-G^3d’a-,fc
  • Personal computer (Macintosh): HomeMacOSX-G^3d’a-,fc

The first part of the password helps scramble the repeating pattern that is common to all of them.